Menu

Red Team

Once you gain access to a system during pentest, you might want to retain access by means of a backdoor. The most trivial method is to use metsvc which ‘unfortunately’ is very well fingerprinted by anti-virus software.

In this post, let us look at how to use a backdoor that uses social network for communications. The method used by the backdoor is identical to what was mentioned in my previous post.

Question - In a controlled corporate environment with DLP solutions monitoring the HTTP and Email traffic, how would you perform data exfiltration during a Red Team Pentest ? ‘One’ of the answers would be to use social networking sites, let’s look at Facebook in this post. Data exfiltration using Facebook (FB) and the like is nothing new. There has been various instances where these networks have been used as C&C, data receivers etc.. &rarrhk;